Audit Compliance-Ensure that parked document does not get approved by same person
You would think that this is pretty straightforward requirement right? A requirement as basic as this should be easily enabled in SAP by the flick of a switch in SPRO, right?
Well not quiet – unfortunately SAP has provided no easy control
in which a person who is parking a document can be prohibited from approving that document.
Example if a user creates a JE or an Invoice and parks these documents, then what is to prevent him from posting this entry in the first place?
Currently you can get into one of the parking transactions (such as FV60-75) and post a document instead of parking it if you like.
This is obviously not something that cannot not be changed.
Unfortunately I do not think that a straightforward validation works either wherein you could make a check on BKPF.USNAM = BKPF.PPNAM and provide an error when a user attempts to approve a parked document. Everytime SAP saves a parked document, USNAM field (user) is saved with the person parking the entry and then when a person approves the entry, at the point of save, USNAM is once again replaced with the person approving the entry whereas the field PPNAM is used to store the user ID that parked the entry in the first place. This functionality eliminates the use of a straightforward validation.
However a validation with a user exit is possible and this is how it can be done:
- Create a validation at the Document Header/Overall Document Level that checks for the tcode. Something like:
SYST-TCODE = ‘FBVB’ OR SYST-TCODE = ‘FBV0’
2. Write a user exit with code that checks for the user name and the status of the transaction. Something like:
FORM <userexitname> CHANGING b_result.
DATA: uname TYPE uname .
b_result = b_true .
IF sy-ucomm = ‘BU’ . “SAVE
SELECT SINGLE usnam INTO uname FROM bkpf
WHERE bukrs = bkpf-bukrs
AND belnr = bkpf-belnr.
IF uname = syst-uname .
b_result = b_false.
3. Go to SE91 and have your own custom error code – something that says – “You cannot approve your own posted document” and put that in the message step in GGB0.
4. Activate this validation by going to OB28 and setting it up for a specific company code as required (preferably set it up for all company codes)
5. Test and make sure that the person parking a document cannot post it – that’s it!
A necessary requirement in my opinion that trips up audit every time and something that SAP needs to provide out of the box without resorting to a user exit/BTE/function module and so on.